<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello Marco,</p>
<p>midPoint's approach to approvals is: <br>
</p>
<p>Just execute the required change (e.g. add a role or enable the
user), using e.g. midpoint.executeChanges() method. Your midPoint
configuration should ensure that the approval process will be
started; e.g. by definiting an approver for a role, or by defining
a policy rule, etc.</p>
<p>I am not sure how the approvals configuration exactly looked like
in 3.5 (I am afraid policy rules were in their beginnings). But
approvals for role assignment should be quite easily definable.</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 13.06.2018 17:50, Marco Benucci
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:95efd652-ad7b-046e-2ab0-57ad1c319cb6@nsr.it">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p><font face="DejaVu Sans Mono">Thank you Pavol, but I cannot
understand what I have to do to create an approval process
with an hook </font>and unfortunately the javadoc from 3.5 is
not available.</p>
<p>Is there something on github or even in the wiki about the
creation of a workflow using the scripting hook mechanism?<br>
<br>
Thanks,<br>
Marco</p>
<br>
<div class="moz-cite-prefix">On 06/13/2018 09:56 AM, Pavol Mederly
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8bb7f33e-82cf-f0a8-a575-0d23625cb42c@evolveum.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p>Marco,</p>
<p>yes it is here: <a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Scripting+Hooks">https://wiki.evolveum.com/display/midPoint/Scripting+Hooks</a></p>
<p>Best regards,<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 11.06.2018 13:01, Marco Benucci
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:4cbb2be1-50de-2529-a3e4-ef7303d18153@nsr.it">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p><font face="DejaVu Sans Mono">Thank you Pavol,</font></p>
<p><font face="DejaVu Sans Mono">we were thinking that the
reaction to the liveSync unmatched could be "add user" and
with an object template we could disable the newly created
user (and the account too) or expire the password (or even
both).</font></p>
<p><font face="DejaVu Sans Mono">The approval could be about 2
request:<br>
1) adding the role that grants access to that resource<br>
2) enabling the user and the account</font></p>
<p><font face="DejaVu Sans Mono">If the approval were
rejected, it could be possibile to delete the user and the
account through an hook, I suppose...</font></p>
<p><font face="DejaVu Sans Mono">I would like to give it a
try.<br>
What about the "custom scripting hook" to create an
approval?<br>
Is there something on the wiki that talk about this?</font></p>
<p><font face="DejaVu Sans Mono">Thank you, <br>
Marco</font></p>
<p><font face="DejaVu Sans Mono"><br>
</font></p>
<br>
<div class="moz-cite-prefix">On 06/11/2018 11:24 AM, Pavol
Mederly wrote:<br>
</div>
<blockquote type="cite"
cite="mid:38078d1f-5a18-e775-7e3b-f1861e810b34@evolveum.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p>Marco,</p>
<p>this question have been discussed here a couple of times
already. The answer is "currently not" - at least not in a
simple way.</p>
<p>The basic reason is that it is unclear how should
midPoint react to rejection of the approval. A naive
approach (i.e. rejection means the user would not be
created) means that the same approval request would pop up
on next reconciliation; or on any other occasion where
midPoint learns that there's an unmatched account.</p>
<p>Maybe there could be a workaround like <br>
</p>
<ol>
<li>LiveSync would create user with the lifecycle state of
Proposed.</li>
<li>An approval of switching the state to Active would be
(somehow) started.</li>
<li>If the approval would be completed positively, the
user would be activated. Otherwise it would stay in
Proposed state.</li>
</ol>
<p>I am not quite sure how the step 2 should be implemented.
It could be certainly done by a custom scripting hook.
(Maybe a policy rule could be used as well but I am not
sure.)</p>
<p>Best regards,<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 04.06.2018 16:50, Marco
Benucci wrote:<br>
</div>
<blockquote type="cite"
cite="mid:94e9c840-a806-6277-ef78-2a3459a4ad01@nsr.it">
<meta http-equiv="content-type" content="text/html;
charset=utf-8">
<p><font face="DejaVu Sans Mono">Hi,</font></p>
<p><font face="DejaVu Sans Mono">would it be possible to
create an approval process strarting from a LiveSync </font>"reaction"?<br>
<br>
For example:</p>
<p>I'd like to create an approval workflow about the
creation of a user created by anĀ "adduser" reaction
from an "unmatched" result discovered by liveSync
looking for new accounts on a resource.<br>
<br>
Could it be possible?<br>
<br>
Thank you,<br>
Marco</p>
<p><br>
</p>
<p><br>
</p>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>